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(57)Abstract: 

PROBLEM TO BE SOLVED: To provide a method for 
controlling access to a LAN from a wireless LAN 
terminal, a wireless LAN base station apparatus and a 
wireless LAN terminal apparatus enabling the wireless 
LAN terminal apparatus to access wirelessly to the LAN 
without threatening security of resources in the LAN. 
SOLUTION: A method comprises a step in which a base 
station detects a wireless LAN terminal entering within 
the range of electric waves emitted from the wireless 
base station itself, and obtains authentication information 
from a wireless tag given to the wireless LAN terminal, a 
step to check the obtained authentication information 
against authentication information registered in the 
wireless base station or in an authentication device " n 
connected with the wireless base station, and determine if the wireless LAN terminal is 
allowed to access one of a plurality of wireless LANs, and a step to transmit configuration 
information of the plurality of wireless LANs registered in the wireless base station, or 
obtained from the external device connected to the wireless base station to the wireless LAN 
terminal in accordance with the decision result. 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

l.This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2**** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] It is the approach of controlling said wireless LAN terminal possible [ connection ] to either of 
two or more wireless LAN which detects the wireless LAN terminal which invaded into electric- wave 
attainment within the limits of a base transceiver station, and uses the same frequency band identically 
within the area. The step which acquires authentication information from the wireless components which 
detected the wireless LAN tenninal which invaded into electric-wave attainment within the limits of 
self-equipment in said base transceiver station, and were added to the wireless LAN tenninal concerned, 
The authentication information acquired from the authentication equipment connected with the 
authentication information or the base transceiver station set up in the base transceiver station and the 
authentication information acquired from said wireless component are collated. The step which judges 
whether connection with either of two or more wireless LAN is permitted, The step which transmits the 
configuration information of two or more wireless LAN acquired from the external device connected 
with the configuration information of two or more wireless LAN or the base transceiver station set up in 
the base transceiver station based on the judgment result of connection authorization to said wireless 
LAN temiinal, The participating control approach to the wireless LAN of the wireless LAN terminal 
characterized by having the step whose connection with either of two or more wireless LAN sets up said 
wireless LAN configuration information received from said base transceiver station in the wireless LAN 
terminal within the end of a local, and is enabled according to the wireless LAN configuration 
information concerned. 

[Claim 2] It is equipment which controls said wireless LAN terminal possible [ connection ] to either of 
two or more wireless LAN which detects the wireless LAN terminal which invaded into electric-wave 
attainment within the limits of self-equipment, and uses the same frequency band identically within the 
area. A means to acquire authentication information from the wireless components which detected the 
wireless LAN terminal which invaded into electric-wave attainment within the limits of self-equipment, 
and were added to the wireless LAN terminal concerned, A means to judge whether the authentication 
information acquired from the authentication equipment connected with the authentication information 
or self-equipment set up in self-equipment and the authentication information acquired from said 
wireless component are collated, and connection with either of two or more wireless LAN is permitted, 
Wireless LAN base station equipment which transmits the configuration information of two or more 
wireless LAN acquired from the external device connected with the configuration information of two or 
more wireless LAN or self- equipment set up in self-equipment based on the judgment result of 
connection authorization to said wireless LAN terminal, and is characterized by having a means to set 
up. 

[Claim 3] Wireless LAN base station equipment according to claim 2 characterized by having a means 
to distribute the communication link to two or more wireless LAN from a wireless LAN terminal based 
on the protocol of the high order of a radio protocol with a wireless LAN terminal. 
[Claim 4] It is the wireless LAN tenninal unit controlled by the connectable condition to either of two or 
more wireless LAN which uses the same frequency band identically within the area based on die control 
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from a base transceiver station. The wireless components which answer a letter by wireless in the 
authentication information on self-equipment according to the demand from said base transceiver 
station, The wireless LAN teraiinal unit characterized by having the means whose connection with 
either of two or more wireless LAN receives the wireless LAN configuration information transmitted 
from said base transceiver station according to the authentication processing in said base transceiver 
station, and sets up in self-equipment, and is enabled according to the wireless LAN configuration 
information concerned. 
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* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention detects the wireless LAN terminal which invaded into electric- 
wave attainment within the limits of abase transceiver station, and relates to a wireless LAN terminal 
unit at the approach and wireless LAN base station equipment list which control said wireless LAN 
terminal possible [ connection ] to either of two or more wireless LAN which uses the same frequency 
band identically within the area. 
[0002] 

[Description of the Prior Art] The wireless LAN terminal which a wireless LAN base station exists on 
one network of a LAN (Local Area Network) protocol, and communicates with the same wireless LAN 
base station in a wireless LAN system can be connected only with the wireless LAN which the wireless 
LAN base station has connected. A wireless LAN base station is equipped with a wireless interface and 
every one LAN interface, and exchange of a wireless protocol and a LAN protocol is performed by 
passing both communication links transparent. For this reason, an interface is set to 1 :1 and serves as 
connection with one LAN to one radio frequency band. 

[0003] Moreover, when a wireless LAN terminal connects with wireless LAN through a wireless LAN 
base station, after configuration information, such as a network address of the wireless LAN (or it 
participates) to connect, conies to hand beforehand, processing set as the interior of the wireless LAN 
terminal itself is performed, and connection with a wireless LAN base station and connection with 
wireless LAN are made. Moreover, authentication processing which it permits using the resource on 
wireless LAN is performed between a wireless LAN terminal and the authentication equipment 
currently installed on wireless LAN, after connection with wireless LAN is made. Only authentication is 
performed, after this is performed on LAN protocols, such as TCP/IP, and is in the condition in which a 
fundamental communication link is possible. 
[0004] 

[Problem(s) to be Solved by the Invention] By the way, at office or works, two or more wireless LAN 
doubled not only with single wireless LAN but with the application is laid in many cases. According to 
the laid wireless LAN, it is necessary to install two or more wireless LAN base stations in such an 
environment. On the other hand, the user of the wireless LAN terminal to connect needs to receive in 
advance the LAN configuration information (a network address, subnet mask, etc.) doubled with the 
wireless LAN of a connection place, and needs to perform a setup on a terminal. 
[0005] However, since it becomes possible to access the resource of the fixed range on wireless LAN, 
making the user of a wireless LAN terminal receive the configuration information of wireless LAN 
beforehand becomes the cause which causes unlawful access of a resource, and it has the problem on 
management of a resource, or a security management of not being desirable. Moreover, configuration 
information, such as a network address, is given according to the fixed Ruhr in many cases, disclosing 
the configuration information on wireless LAN shows that an analogy of other equipment configurations 
on wireless LAN is attained, and tins also has the problem of not being desirable, in respect of a security 
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management. 

[0006] On the other hand, since configuration information cannot come to hand when a manager is 
absent if the user of a wireless LAN terminal who expects connection of wireless LAN temporarily has 
it, although the configuration information of wireless LAN is managed by the manager in many cases, 
there is a problem that use is impossible temporarily. Moreover, although attested in a connection phase 
by the remote access by LAN using public lines, such as a telephone, at wireless LAN, it is rare to 
perform authentication on the connection level which makes a communication link possible, 
configuration information is set up, and connection with wireless LAN is attained by making connection 
with a wireless LAN base station in many cases. However, on wireless LAN, since the resource which 
can be accessed even if it does not attest also exists, by the authentication processing after connection, 
the problem of it becoming impossible to secure sufficient security is. 

[0007] It is made in order that this invention may solve such a problem, and the 1st purpose is in 
providing with a wireless LAN terminal unit the participating control approach to LAN of the wireless 
LAN terminal winch enables connection of a wireless LAN terminal, and a wireless LAN base station 
equipment list, without threatening safeties, such as a resource in wireless LAN. The 2nd purpose of this 
invention is to provide with a wireless LAN terminal unit the participating control approach to the 
wireless LAN of the wireless LAN terminal which enables connection of a wireless LAN tenninal unit 
alternatively by one wireless LAN base station at either of two or more wireless LAN, and a wireless 
LAN base station equipment list. 
[0008] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, the participating 
control approach to the wireless LAN of the wireless LAN terminal of this invention It is the approach 
of controlling said wireless LAN terminal possible [ connection ] to either of two or more wireless LAN 
which detects the wireless LAN terminal which invaded into electric-wave attainment within the limits 
of a base transceiver station, and uses the same frequency band identically within the area. The step 
which acquires authentication information from the wireless components which detected the wireless 
LAN terminal which invaded into electric-wave attainment within the limits of self-equipment in said 
base transceiver station, and were added to the wireless LAN terminal concerned, The authentication 
information acquired from the authentication equipment connected with the authentication information 
or the base transceiver station set up in the base transceiver station and the authentication information 
acquired from said wireless component are collated. The step which judges whether connection with 
either of two or more wireless LAN is permitted, The step which transmits the configuration information 
of two or more wireless LAN acquired from the external device connected with the configuration 
information of two or more wireless LAN or the base transceiver station set up in the base transceiver 
station based on the judgment result of connection authorization to said wireless LAN terminal, Said 
wireless LAN configuration information received from said base transceiver station in the wireless LAN 
terminal is set up within the end of a local, and it is characterized by having the step whose connection 
with either of two or more wireless LAN is enabled according to the wireless LAN configuration 
information concerned. 

[0009] The wireless LAN base station equipment of this invention detects the wireless LAN terminal 
which invaded into electric-wave attainment within the limits of self-equipment. It is equipment which 
controls said wireless LAN terminal possible [ connection ] to either of two or more wireless LAN 
which uses the same frequency band identically within the area. A means to acquire authentication 
information from the wireless components which detected the wireless LAN terminal which invaded 
into electric-wave attainment within the limits of self-equipment, and were added to the wireless LAN 
terminal concerned, A means to judge whether the authentication information acquired from the 
authentication equipment connected with the authentication information or self-equipment set up in self- 
equipment and the authentication information acquired from said wireless component are collated, and 
connection with either of two or more wireless LAN is permitted, Based on the judgment result of 
connection authorization, the configuration information of two or more wireless LAN acquired from the 
external device connected with the configuration information of two or more wireless LAN or self- 
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equipment set up in self-equipment is transmitted to said wireless LAN terminal, and it is characterized 
by having a means to set up. Moreover, it is characterized by having a means to distribute the 
communication link to two or more wireless LAN from a wireless LAN terminal based on the protocol 
of the high order of a radio protocol with a wireless LAN terminal. 

[0010] Moreover, the wireless LAN terminal unit concerning this invention is based on control from a 
base transceiver station. The wireless components which are the wireless LAN terminal units controlled 
by the corrnectable condition to either of two or more wireless LAN which uses the same frequency 
band identically within the area, and answer a letter by wireless in the authentication information on 
self-equipment according to the demand from said base transceiver station, The wireless LAN 
configuration information transmitted from said base transceiver station according to the authentication 
processing in said base transceiver station is received, and it sets up in self-equipment, and is 
characterized by having the means whose connection with either of two or more wireless LAN is 
enabled according to the wireless LAN configuration information concerned. 
[0011] 

[Embodiment of the Invention] Hereafter, one gestalt in the case of carrying out this invention is 
concretely explained based on a drawing. Drawing 1 is the system configuration Fig. showing the 
operation gestalt of this invention. This invention consists of two or more wireless LAN terminals 104A 
and 104B which make a communication link possible with the wireless LAN base station 101 which 
controls two or more LAN 102A-102C held in the base station 101 of the wireless LAN which built or 
connected [ external ] the antenna, and this one wireless LAN base station 101, the authentication server 
103 for attesting whether the participation to these LANs 102A-102C is allowed, and connection with 
LANs 102A-102C. The transmitter-receivers 105A-105C with which two or more LAN 102A-102C 
communicates by the wireless circuit between the wireless LAN base stations 101 are connected. By 
having connected these transmitter-receivers 105A-105C, the function as wireless LAN which uses the 
same frequency band identically [ LANs 102A-102C ] within the area is added. 
[0012] On the other hand, the wireless LAN base station 101 detects the wireless LAN terminals 104A 
and 104B which invaded into electric- wave attainment within the limits of a local station 101. 
Authentication information is acquired from the detected wireless LAN terminal 104A104B by the 
wireless circuit. If the acquired authentication information is transmitted to an authentication server 102 
by wireless or the wire circuit, authentication processing of whether to permit connection with LANs 
102A-102C is performed and the response of Authentication O.K. is obtained The configuration 
information of LANs 102A-102C is transmitted to the LAN terminals 104A and 104B. At the LAN 
terminals 104A and 104B which received the configuration information of LANs 102A-102C, the 
configuration information is registered into the memory in self-equipment, and it communicates by 
emitting a connection request to either of LANs 102A-102C with reference to the contents of 
registration. 

[0013] The wireless tags (wireless components) 106A and 106B with which the authentication 
information for connecting with LANs 102A-102C was registered into the wireless LAN terminals 
104A and 104B are added to some cases. The authentication information registered into these wireless 
tags 106A and 106B answers an inquiry signal from the wireless LAN base station 101, and is answered 
to the wireless LAN base station 101. These wireless tags 106A and 106B contain an indirectional 
antenna, a cell, and LSI memory, and answer a letter considering the authentication information 
registered as a reply signal according to the inquiry signal from the wireless LAN base station 101. 
[0014] Drawing 2 is drawing having shown the example of a detail configuration of wireless LAN 
terminal 104A. Wireless LAN terminal 104A consists of processing units 1042 which perform 
processing of the data which communicated with the transceiver antenna 1041 for performing the 
communication link with the wireless LAN base station 101, and analysis, and wireless tag 106A is 
attached in some cases. The LAN configuration information setting field 1043 for holding the 
configuration information for connecting with LANs 102A-102C transmitted to a processing unit 1042 
from the wireless LAN base station 1011 is secured in memory. The information set as this LAN 
configuration information setting field 1043 holds the configuration information which enables 
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connection with LANs 102A-102C other than the configuration information which makes wireless 
connection. Generally, TCP/IP is used and information, such as an IP address, a network address, the 
gateway address, and various server addresses, is the contents of LAN configuration information. 
[0015] On the other hand, the authentication information registered into wireless tag 106 A is the 
authentication information for participating in LANs 102A-102C, and consists of unique identifiers and 
passwords for specifying self-equipment 104A at worst. Drawing 3 is drawing having shown the 
example of a detail configuration of the wireless LAN base station 101. The wireless LAN base station 
101 has the function of exchange of the invasion monitor of the wireless LAN terminal which is the 
function which the base station in the former has, and a not only the radio between LANs but a wireless 
LAN terminal, front [ connection ] authentication processing, and the communication link between 
LANs. 

[0016] The wireless LAN base station 101 of this example has the processing control unit 1011 which 
takes the lead in functions, such as a communication link and authentication, and is constituted from a 
LAN communication link exchange style 1012 which controls radio, and an authentication controlling 
mechanism 1013 which performs control of authentication by the processing control unit 1011. In the 
processing control unit 101 1, it has the LAN transceiver antenna 1014 which communicates with the 
transmitter-receivers 105A-105C of LANs 102A-102C used as the candidate for a communication link, 
and the terminal transceiver antenna 1015 which performs the communication link with the wireless 
LAN tenninals 104 A and 104B. Moreover, the wireless LAN base station 101 has the authentication 
server connection interface 1016 for connecting with an authentication server 103. 
[0017] The wireless LAN base station 101 sends out the electric wave for terminal detection at intervals 
of predetermined time from the terminal transceiver antenna 1015. When [ which was supervising and 
invaded ] it detects, whether one of wireless LAN terminals invaded into electric-wave attainment 
within the limits of a local station Authentication information is acquired from the wireless tags 106 A or 
106B of the detected wireless LAN terminal, the acquired authentication information is transmitted to an 
authentication server 103 by processing of the authentication controlling mechanism 1013, and 
authentication processing is performed. If the response of Authentication O.K. is answered from an 
authentication server 103, configuration information, such as a network address of LAN102A102C, will 
be acquired from an authentication server 103, you will transmit to the wireless LAN terminal which 
detected invasion, and the LAN configuration information setting field 1403 of the wireless LAN 
terminal will make it set up. 

[0018] Thereby, the wireless LAN tenninals 104 A or 104B which invaded into electric- wave attainment 
within the limits of the wireless LAN base station 101 become connectable with either 102A-102C 
through the wireless LAN base station 101. In this case, LANs 102A-102C used as the candidate for 
connection analyze higher-level protocol information, such as TCP/TP, at LAN communication link 
exchange guard 1012, and are chosen according to that analysis result. It means that the wireless LAN 
system which multiplexed and held two or more LANs in one wireless LAN base station as the whole 
by connection distribution processing to two or more LANs which can be set to such one wireless LAN 
base station 101 was built. 

[0019] Drawing 4 is the wireless LAN terminals 104A and 104B and the explanatory view of the LAN 
connection authentication processing performed between authentication servers 103. Although the 
wireless LAN base station 101 is monitoring invasion of the wireless LAN terminals 104 A and 104B 
into the electric-wave area of influence of a local station continuously, if invasion is detected, it will 
perform authentication processing between the wireless LAN base station 101, the wireless LAN 
terminals 104 A and 104B, and an authentication server 103. The wireless tags 106 A and 106B holding 
the authentication information 401 which consists of user ID 401 1 and a password 4012 at least are 
added to the wireless LAN terminals 104A and 104B. User ID 4011 is the information for specifying 
uniquely the wireless LAN terminals 104A and 104B, and serves as key information for searching the 
data on an authentication server 103. A password 4012 is collated with the password on an 
authentication server 103, and is used as that by which the authentication information on wireless LAN 
tenninal 104A and 104B was registered into normal, or information for (connection with LAN would 
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not be permitted by normal), and identifying. 

[0020] It is held at the authentication server 103 so that the LAN configuration information 4022 to 
which connection with LANs 102A-102C is permitted for a password 4021 and connection can be 
retrieved for user ID as a key. The wireless LAN base station 101 transmits the user ID 401 1 of the 
authentication information 401 acquired from the wireless LAN terminals 104 A or 104B which detected 
invasion, and a password 4012 to an authentication server 103. The authentication information 402 
currently held inside is retrieved in an authentication server 103 by using user ID 401 1 which received 
as a key. When corresponding authentication information is held, a password 4012 is collated and it 
checks that it is in agreement. When in agreement, it considers as an authentication success and the 
wireless LAN base station 101 is answered by making into an authentication result LAN configuration 
information 4022 retrieved by user ID 4011. 

[0021] The wireless LAN base station 101 is transmitted to the wireless LAN terminals 104A or 104B 
which carried out invasion detection of the answered LAN configuration information 4022. On the other 
hand, the received LAN configuration information 4022 is registered into the LAN configuration 
information setting field 1403 at the wireless LAN terminals 104A or 104B. Thereby, the participation 
to LANs 102A-1025C is attained using the LAN configuration information 4022. In this case, since it 
can set up for every user ID so that the contents of the LAN configuration information 4022 may be 
differed, it is controllable by the user whether it is connectable with any of LANs 102A-102C. 
[0022] In addition, when it becomes authentication failure, an error response is transmitted to the 
corresponding wireless LAN terminal, and LAN configuration information is not transmitted. Therefore, 
the participation to LANs 102A-12C becomes impossible, and except the wireless LAN terminal which 
added the wireless tag holding the user ID and the password which normal was allowed, it becomes 
impossible to access it to the resource of LANs 102A-102C, and it can prevent unlawful access to an 
inaccurate user. Moreover, since LAN configuration information is not disclosed at all by the inaccurate 
user, the safety of LANs 102A-102C can be raised. 

[0023] Moreover, if it is the wireless LAN terminal which added the wireless tag holding the user ED 
and the password which normal was allowed even if the manager of LANs 102A-102C is absent, since 
LAN configuration information will be set as the LAN configuration information setting field 1403, 
without making a user conscious, temporary use is also attained even if it is a manager absence. 
[0024] In addition, it may be made to carry out in the wireless LAN base station 101 instead of 
performing authentication processing by the authentication server 103. In that case, you may make it 
acquire the authentication information 502 from an authentication server 103 or other external devices, 
and it may be beforehand held in the wireless LAN base station 101 . 

[0025] Drawin g 5 is the flow Fig. having shown the procedure of authentication of a wireless LAN 
terminal, and LAN connection. The wireless LAN base station 101 emits the signal which looks for the 
wireless LAN terminals 104A and 104B, and is supervising that the wireless LAN terminals 104A and 
104B invaded within self-(step 501). If the wireless LAN terminal which invaded is undiscovered, it will 
scan continuously. When one of wireless LAN terminals is discovered (step 502), the wireless LAN 
base station 101 transmits the authentication information acquisition demand for attesting to the wireless 
LAN terminal (step 503). The wireless LAN terminal which received the authentication information 
acquisition demand returns the authentication information currently held in the wireless tag in the end of 
a local (step 504). 

[0026] In order to use the returned authentication information for the wireless LAN base station 101 and 
to attest a wireless LAN terminal, the authentication processing demand which includes authentication 
information to an authentication server 103 is transmitted (step 505). An authentication server 103 
performs authentication processing using the transmitted authentication information (step 506). This 
authentication processing is performed by collating with the authentication information 402 in an 
authentication server 103. When authentication is successful, the LAN configuration information for 
participating in LAN currently held in the authentication information 402 is returned to a wireless LAN 
terminal via the wireless LAN base station 101 (step 507,508). 

[0027] At a wireless LAN terminal, when LAN configuration information is returned, LAN 
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configuration information is set up in a wireless LAN terminal (step 509), and it changes into the 
condition that a wireless LAN communication link can he performed. LAN configuration information is 
set up, and if it will be in the condition that connection with LANs 102A-102C can be made, data 
communication will be performed as a usual communication link (step 510). That is, a wireless LAN 
terminal sends out data by wireless to the wireless LAN base station 101. The wireless LAN base station 
101 which received data chooses LANs 102A-102C connected to self-equipment based on received data 
(step 511), and transmits data to one of the selected LAN of the. Thereby, it enables a wireless LAN 
terminal to be only holding authentication information within the end of a local, and to perform 
connection authentication to LANs 102A-102C, LAN selection, and data communication. 
[0028] In addition, when detecting whether the wireless LAN terminals 104A or 104B invaded into 
electric-wave attainment within the limits of the wireless LAN base station 101, it may be made to 
consider by having transmitted the question signal with the same frequency band as wireless LAN, and 
having answered the identifier of the wireless LAN terminal with which the identifier of a wireless tag 
or the wireless tag concerned was added as the response from the wireless tag as invasion detection. If it 
does in this way, it will become unnecessary to incorporate processing (processing of step 503,504) for 
that wireless tag 106A holding the authentication information to which connection with LANs 102A- 
102C is permitted may be added to the wireless LAN tenninal which a user owns to only send and 
receive authentication information in a wireless LAN terminal. 

[0029] Drawing 6 is drawing having shown the outline of the LAN selection performed in the wireless 
LAN base station 101. The wireless LAN base station 101 receives the data from the wireless LAN 
terminals 104A and 104B. Although the wireless LAN base station 101 is usually transmitting received 
data to the interface by the side of LAN connected to self-equipment and enables a wireless LAN 
communication link, it chooses and transmits a suitable thing from two or more LANs connected in this 
invention according to the protocol information in the received data. Received data 601 consist of the 
protocol section 602 for performing radio, and a protocol 603 on transmitted LAN as a protocol which 
controls a communication link, the judgment 604 of LAN transmitted using the LAN protocol 603 
constituted by the high order at the same time the wireless LAN base station 101 performs radio with the 
wireless protocol 602 — it carries out. Into the LAN protocol 603, since the transmitting agency address 
and the transmission place address are included, the transmission place address is extracted and LAN 
which consists of the same addresses out of LANs 102A-102C connected to self-equipment is chosen. 
When LAN which consists of the same addresses does not exist, since LAN of the destination is a relay 
point, it transmits by choosing suitable LAN based on the routing information set up in self-equipment. 
[0030] Drawing 7 is the system configuration Fig. showing the operation gestalt which was made to 
attest by installing an authentication server 103 in a remote place. This operation gestalt is using a 
general-purpose interface gestalt and a protocol as a connection interface of a base transceiver station 
101 and an authentication server 103, and can free the installation of an authentication server 103. 
Thereby, it becomes possible to carry out the centralized control of the authentication information on 
two or more LANs by one place. 

[0031] With this operation gestalt, the cellular-phone terminal 204 was used and the authentication 
server 202 is connected. In case authentication is needed with connection of a wireless LAN terminal, a 
base transceiver station 101 opens connection, now the authentication server interface which is to self- 
equipment. That is, after establishing the channel between portable telephones 701 and 702 and 
establishing connection with an authentication server 103, it attests here. 
[0032] 

[Effect of the Invention] As explained above, according to this invention, it becomes possible to perform 
selection of wireless LAN, participation, and a communication link, without [ without a user is 
conscious of LAN configuration only by holding the authentication information for attesting in a 
wireless LAN temiinal and ] threatening safeties, such as a resource in wireless LAN. Moreover, it 
becomes possible to connect a wireless LAN terminal unit to either of two or more wireless LAN 
alternatively by one wireless LAN base station. 
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l.This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2**** shows the word which can not be translated. 
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TECHNICAL FIELD 



[Field of the Invention] This invention detects the wireless LAN terminal which invaded into electric- 
wave attainment within the limits of a base transceiver station, and relates to a wireless LAN terminal 
unit at the approach and wireless LAN base station equipment list which control said wireless LAN 
terminal possible [ connection ] to either of two or more wireless LAN which uses the same frequency 
band identically within the area. 
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PRIOR ART 



[Description of the Prior Art] The wireless LAN terminal which a wireless LAN base station exists on 
one network of a LAN (Local Area Network) protocol, and communicates with the same wireless LAN 
base station in a wireless LAN system can be connected only with the wireless LAN which the wireless 
LAN base station has connected. A wireless LAN base station is equipped with a wireless interface and 
every one LAN interface, and exchange of a wireless protocol and a LAN protocol is performed by 
passing both communication links transparent. For this reason, an interface is set to 1:1 and serves as 
connection with one LAN to one radio frequency band. 

[0003] Moreover, when a wireless LAN tenninal connects with wireless LAN through a wireless LAN 
base station, after configuration information, such as a network address of the wireless LAN (or it 
participates) to connect, comes to hand beforehand, processing set as the interior of the wireless LAN 
terminal itself is performed, and connection with a wireless LAN base station and connection with 
wireless LAN are made. Moreover, authentication processing which it permits using the resource on 
wireless LAN is performed between a wireless LAN terminal and the authentication equipment 
currently installed on wireless LAN, after connection with wireless LAN is made. Only authentication is 
performed, after this is performed on LAN protocols, such as TCP/IP, and is in the condition in which a 
fundamental communication link is possible. 
[0004] 

[Problem(s) to be Solved by the Invention] By the way, at office or works, two or more wireless LAN 
doubled not only with single wireless LAN but with the application is laid in many cases. According to 
the laid wireless LAN, it is necessary to install two or more wireless LAN base stations in such an 
environment. On the other hand, the user of the wireless LAN terminal to connect needs to receive in 
advance the LAN configuration information (a network address, subnet mask, etc.) doubled with the 
wireless LAN of a connection place, and needs to perform a setup on a terminal. 
[0005] However, since it becomes possible to access the resource of the fixed range on wireless LAN, 
making the user of a wireless LAN terminal receive the configuration information of wireless LAN 
beforehand becomes the cause which causes unlawful access of a resource, and it has the problem on 
management of a resource, or a security management of not being desirable. Moreover, configuration 
information, such as a network address, is given according to the fixed Ruhr in many cases, disclosing 
the configuration information on wireless LAN shows that an analogy of other equipment configurations 
on wireless LAN is attained, and this also has the problem of not being desirable, in respect of a security 
management. 

[0006] On the other hand, since configuration information cannot come to hand when a manager is 
absent if the user of a wireless LAN terminal who expects connection of wireless LAN temporarily has 
it, although the configuration information of wireless LAN is managed by the manager in many cases, 
there is a problem that use is impossible temporarily. Moreover, although attested in a connection phase 
by the remote access by LAN using public lines, such as a telephone, at wireless LAN, it is rare to 
perform authentication on the connection level which makes a communication link possible, 
configuration information is set up, and connection with wireless LAN is attained by making connection 
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with a wireless LAN base station in many cases. However, on wireless LAN, since the resource which 
can be accessed even if it does not attest also exists, by the authentication processing after connection, 
the problem of it becoming impossible to secure sufficient security is. 

[0007] It is made in order that this invention may solve such a problem, and the 1st purpose is in 
providing with a wireless LAN terminal unit the participating control approach to LAN of the wireless 
LAN terminal which enables connection of a wireless LAN terminal, and a wireless LAN base station 
equipment list, without threatening safeties, such as a resource in wireless LAN. The 2nd purpose of this 
invention is to provide with a wireless LAN terminal unit the participating control approach to the 
wireless LAN of the wireless LAN terminal which enables connection of a wireless LAN terminal unit 
alternatively by one wireless LAN base station at either of two or more wireless LAN, and a wireless 
LAN base station equipment list. 
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EFFECT OF THE INVENTION 



[Effect of the Invention] As explained above, according to this invention, it becomes possible to perform 
selection of wireless LAN, participation, and a communication link, without [ without a user is 
conscious of LAN configuration only by holding the authentication information for attesting in a 
wireless LAN terminal and ] threatening safeties, such as a resource in wireless LAN. Moreover, it 
becomes possible to connect a wireless LAN terminal unit to either of two or more wireless LAN 
alternatively by one wireless LAN base station. 
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DESCRIPTION OF DRAWINGS 
[Brief Description of the Drawings] 

[Drawin g 1] It is the system configuration Fig. showing the operation gestalt of this invention. 
[Drawing 2] It is drawing having shown the example of a configuration of a wireless LAN terminal. 
[Drawin g 3] It is drawing having shown the example of a configuration of a wireless LAN base station. 
[Drawing 4] They are a wireless LAN terminal and the explanatory view of the authentication 
processing performed between authentication servers. 

[Drawing 5] It is the flow Fig. showing the procedure of authentication of a wireless LAN terminal, and 
LAN connection processing. 

[ Drawi ng 6] It is the explanatory view showing the outline of the LAN selection performed in a wireless 
LAN base station. 

[Drawing 7] It is drawing showing the operation gestalt in the case of attesting by installing an 
authentication server in a remote place. 
[Description of Notations] 

101 [ — A wireless tag, 401 / — Authentication information, 402 / — Authentication information, 1013 / - 

- An authentication controlling mechanism, 1012 / - A LAN communication link exchange style, 1042 / 

— A processing unit, 1043 / — A LAN configuration information setting field, 4022 / — LAN 
configuration information. ] — A wireless LAN base station, 102A - 102 C— LAN, 103 — An 
authentication server, 104 A, 104B — A wireless LAN terminal, 106 A, 106B 
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DRAWINGS 



[ Drawing 6] 




[Drawin g 2] 



http ://www4.ipdl.inpit. go .j p/cgi-bin/tran_web_cgi_ejj e 8/8/2007 



lD!A,Ip«l 

— 




[Drawi ng 3j 

I 



V 


SUStifWSH 






lan as 










m 



lQltt 




LAN&SH 



JH*»2f8 

7; 



[Drawing 4] 
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